JWT Decoder
Decode and inspect JSON Web Tokens — view header, payload, and expiry
What is JWT Decoder?
JWT Decoder parses JSON Web Tokens into their three components — header, payload, and signature — so you can inspect the claims, algorithm, expiration time, and other data inside a JWT. JWTs are widely used for authentication in modern web applications, and this tool helps developers debug token issues without writing code.
How to Use This Tool
- Paste your JWT string (the long token starting with eyJ...)
- The header and payload are decoded and displayed instantly
- Check the expiration time (exp claim) to see if the token is still valid
- Review claims like sub, iss, aud to verify the token contents
Common Use Cases
- Debugging authentication issues by inspecting access and refresh tokens
- Verifying JWT claims (issuer, audience, expiry) during API development
- Checking token expiration times when troubleshooting session timeouts
- Reviewing OAuth2 tokens returned by identity providers like Auth0 or Firebase
Frequently Asked Questions
Does this tool verify the JWT signature?
This tool decodes and displays the JWT contents. It does not verify signatures since that requires the secret key or public key, which should never be shared in a browser tool.
Is it safe to paste my JWT here?
Yes. The decoding happens entirely in your browser. The JWT is never sent to any server. However, avoid sharing production tokens with anyone.
What are the three parts of a JWT?
A JWT has three Base64-encoded parts separated by dots: the header (algorithm and type), the payload (claims and data), and the signature (verification hash).